The Signer class is designed for those who are signing data on
behalf of a public-private keypair.

In principle, the “client party” has public key (i.e., client_id)
and a matching private key (i.e., client_secret) that can be
verified by both the signer and the client (but nobody else as we don’t
want to make forgeries possible).

The “signing party” has a simple identifier which acts as an additional
piece of entropy in the algorithm, and can help differentiate between
multiple signing parties if the client party does something like try to
use the same public-private keypair independently of a signing party (as
is common with GPG signing).

Testing

You need to install all of the supported versions of Python. (This
will take a while.) If you would prefer to install your own copies of
the supported Python versions (listed above), feel free to manage
them yourself.